Now I was prompted for which domain names I would use in the configuration, and here I entered the hostname of my server, like hostname.domain.tld.
Then I had to put in an email address.
Next, certbot asks me which host file to use. I can only select ssl.conf, so I select it.
Then I get asked for the host file again, and I select ssl.conf again, and shortly after I get this message:

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/hostname.domain.tld/fullchain.pem. Your cert
will expire on 2017-01-25. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again with
the "certonly" option. To non-interactively renew *all* of your
certificates, run "certbot-auto renew"

This probably won't work with letsencrypt authorization. Your haproxy is likely interfering with the tls-sni-01 authorization procedure. Certbot is planting a test cert on your website and trying to access your site, but haproxy is in the middle.

Version eFa 4.0.0 RC3 now available in testing repo. Come join us in advancing eFa!

Thank you for your answer,
we managed to get this fixed by configuring the EFA with an external IP.
Big thank you for the support.
I have an issue with outgoing email, but I won't hijack your post, I will start a new post.

Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

If you have an haproxy frontend, I'd suggest that you just map the letsencrypt authentication url back to your efa box. There is no reason to make the whole efa web server exposed to the internet.
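
The mapping suggested above, sketched as an haproxy configuration. This is an added example, not part of the original post or the eFa project's own configuration. It assumes certbot on the eFa box answers HTTP-01 challenges on port 80 (not the tls-sni-01 method mentioned earlier in the thread); the frontend and backend names and the 192.0.2.x addresses are placeholders.

```haproxy
# Added example: forward only the ACME challenge path to the eFa box.
# All names and addresses are placeholders (192.0.2.0/24 is a documentation range).

frontend fe_http
    mode http
    bind :80

    # HTTP-01 validation requests always start with this path prefix.
    acl acme_challenge path_beg /.well-known/acme-challenge/

    # Challenge requests for the eFa hostname go to the eFa box ...
    acl efa_host hdr(host) -i hostname.domain.tld
    use_backend be_efa_acme if efa_host acme_challenge

    # ... and every other request keeps going to the existing backend,
    # so the rest of the eFa web interface is never reachable from outside.
    default_backend be_existing_sites

backend be_efa_acme
    mode http
    # Placeholder address of the eFa box on the internal network.
    server efa 192.0.2.10:80

backend be_existing_sites
    mode http
    # Placeholder for whatever haproxy was already serving.
    server web1 192.0.2.20:80
```

With this in place, the only externally reachable part of the eFa web server is the challenge directory, which certbot fills during issuance and renewal.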

Hi Paul,
I am not sure I understand you correctly. What do you mean by mapping the letsencrypt authentication URL back to your efa box?
Am I supposed to allow port 443/80 to the EFA in order to get letsencrypt to automatically renew the SSL?
Am I correct?
